PT-2007-2349 · Php+1 · Php+1

Published: 2007-02-13 · Updated: 2018-10-30 · CVE-2007-0908

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.2.1; PHP versions prior to 4.4.5
Description: The issue is related to the WDDX deserializer in the wddx extension, which does not properly initialize the key length variable for a numerical key. This allows attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.
Recommendations: For PHP versions prior to 5.2.1, update to version 5.2.1 or later. For PHP versions prior to 4.4.5, update to version 4.4.5 or later.

Exploit

Fix

RCE


Weakness Enumeration

Related identifiers

CVE-2007-0908
DSA-1264-1
RHSA-2007:0076
RHSA-2007:0081
RHSA-2007:0082
RHSA-2007:0088
RHSA-2007:0089
RHSA-2007_0076
RHSA-2007_0082

Affected products

Php
Red Hat